1 General storage protection techniques: Securing distributed storage: challenges, techniques, and systems
Vishal Kher, Yongdae Kim

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press

The rapid increase of sensitive data and the growing number of government regulations 
that require long-term data retention and protection have forced enterprises to pay serious 
attention to storage security. In this paper, we discuss important security issues related 
to storage and present a comprehensive survey of the security services provided by the 
existing storage systems. We cover a broad range of the storage security literature, 
present a critical review of the existing solutions, compare ... 

Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



2 Improved proxy re-encryption schemes with applications to secure distributed storage
Giuseppe Ateniese, Kevin Fu, Matthew Green, Susan Hohenberger

February 2006 ACM Transactions on Information and System Security (TISSEC), volume 9 Issue 1
Publisher: ACM Press

In 1998, Blaze, Bleumer, and Strauss (BBS) proposed an application called atomic proxy 
re-encryption, in which a semitrusted proxy converts a ciphertext for Alice into a 
ciphertext for Bob without seeing the underlying plaintext. We predict that fast and secure 
re-encryption will become increasingly popular as a method for managing encrypted file 
systems. Although efficiently computable, the wide-spread adoption of BBS re-encryption 
has been hindered by considerable security risks. ... 

Keywords: Proxy re-encryption, bilinear maps, double decryption, key translation 
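The BBS scheme the abstract refers to can be followed end to end in a few lines of group arithmetic. The block below is an added example written for this listing, not code from Ateniese et al.: it uses toy parameters (the safe prime p = 1019 with g = 4 generating its order-509 subgroup; a deployment would use a 2048-bit group) and standard-library arithmetic only, and every function and variable name is my own. Besides the translation step itself it shows one algebraic property of the BBS construction, that the proxy and Bob together can recover Alice's exponent from the bidirectional re-encryption key; the page does not say which risks the authors have in mind, so this is offered as a property of the toy scheme, not as a summary of the paper.

```python
"""Toy BBS-style (ElGamal-based) proxy re-encryption.

Toy parameters: p = 1019 is a safe prime (q = 509) and g = 4 generates
the subgroup of order q. A deployment would use a 2048-bit group or the
pairing-based constructions this paper proposes.
"""
import secrets

P = 1019
Q = (P - 1) // 2            # prime order of the subgroup generated by G
G = 4
assert pow(G, Q, P) == 1 and G != 1   # sanity check on the parameters


def keygen():
    """Secret exponent a in [1, q-1] and public key g^a mod p."""
    a = 1 + secrets.randbelow(Q - 1)
    return a, pow(G, a, P)


def encrypt(pk, m):
    """BBS encryption of m in Z_p^*: (m * g^k, pk^k) = (m * g^k, g^{ak})."""
    if not 1 <= m < P:
        raise ValueError("message must be in [1, p-1]")
    k = 1 + secrets.randbelow(Q - 1)
    return (m * pow(G, k, P)) % P, pow(pk, k, P)


def decrypt(sk, ct):
    """Recover g^k = (g^{ak})^{1/a}, then m = c1 / g^k."""
    c1, c2 = ct
    gk = pow(c2, pow(sk, -1, Q), P)
    return (c1 * pow(gk, -1, P)) % P


def rekey(sk_from, sk_to):
    """Re-encryption key rk = b/a mod q. It is bidirectional: the proxy can
    also translate Bob -> Alice with 1/rk."""
    return (sk_to * pow(sk_from, -1, Q)) % Q


def reencrypt(rk, ct):
    """Proxy step: raise only the second component, (g^{ak})^{b/a} = g^{bk}.
    The proxy never sees m or g^k."""
    c1, c2 = ct
    return c1, pow(c2, rk, P)


def collude(rk, sk_to):
    """What the proxy and Bob can compute together: a = b / rk mod q.
    This is why a BBS re-encryption key must only be given to a proxy that
    is trusted not to collude with the delegatee."""
    return (sk_to * pow(rk, -1, Q)) % Q


def demo(file_key=0x2A5):
    """Alice encrypts a file key (constructed sample), the proxy translates
    the ciphertext for Bob, and both decrypt the same value."""
    a, pk_a = keygen()
    b, _pk_b = keygen()
    ct_a = encrypt(pk_a, file_key)
    rk = rekey(a, b)
    ct_b = reencrypt(rk, ct_a)
    return decrypt(a, ct_a), decrypt(b, ct_b), collude(rk, b) == a


if __name__ == "__main__":
    print(demo())
```

The proxy only ever exponentiates the second ciphertext component, which is the whole point: the plaintext-carrying component m * g^k is untouched and the proxy holds no decryption key. What it does hold, b/a, is enough to go in both directions and, with Bob's help, to reconstruct a.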
3
Ravi Sandhu, Xinwen Zhang
June 2005 Proceedings of the tenth ACM symposium on Access control models and technologies SACMAT '05

Publisher: ACM Press

It has been recognized for some time that software alone does not provide an adequate 
foundation for building a high-assurance trusted platform. The emergence of industry- 
standard trusted computing technologies promises a revolution in this respect by 
providing roots of trust upon which secure applications can be developed. These 
technologies offer a particularly attractive platform for security in peer-to-peer 
environments. In this paper we propose a trusted computing architecture to enforce ac ... 

Keywords: access control, policy enforcement, security architecture, trusted computing 

4 Cryptographic storage security: Secure capabilities for a petabyte-scale object-based distributed file system
Christopher Olson, Ethan L. Miller

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press

Recently, the Network-Attached Secure Disk (NASD) model has become a more widely 
used technique for constructing large-scale storage systems. However, the security 
system proposed for NASD assumes that each client will contact the server to get a 
capability to access one object on a server. While this approach works well in smaller- 
scale systems in which each file is composed of a few objects, it fails for large-scale 
systems in which thousands of clients make accesses to a single file composed ... 

Keywords: capabilities, object-based storage, scalability 
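To make the capability model the abstract criticises concrete, here is an added example (mine, not Olson and Miller's code) of the NASD-style flow: a file manager mints one capability per object under a key it shares with the storage device, and the device checks the capability locally without calling back to the manager. The record layout (object id, rights bitmask, expiry, HMAC-SHA256 tag), the class names and the sample key are assumptions made for illustration, not the NASD wire format.

```python
"""NASD-style per-object capabilities: issued by the file manager,
verified by the storage device with a shared MAC key.

Added example; the record layout (object id, rights, expiry, HMAC-SHA256)
and the class names are my own choices, not the NASD wire format.
"""
import hashlib
import hmac
import struct
import time

READ, WRITE = 0x1, 0x2
_BODY = ">QIQ"            # object id, rights bitmask, expiry (unix seconds)
_BODY_LEN = struct.calcsize(_BODY)
_TAG_LEN = 32


class FileManager:
    """Holds the key shared with one storage device and mints capabilities."""

    def __init__(self, device_key: bytes):
        self.device_key = device_key

    def issue(self, object_id: int, rights: int, ttl: int, now=None) -> bytes:
        now = int(time.time() if now is None else now)
        body = struct.pack(_BODY, object_id, rights, now + ttl)
        tag = hmac.new(self.device_key, body, hashlib.sha256).digest()
        return body + tag

    def issue_for_file(self, object_ids, rights, ttl, now=None):
        """One capability per object: a client reading a file striped over
        N objects needs N round trips to the manager, which is the scaling
        problem the abstract describes."""
        return [self.issue(oid, rights, ttl, now) for oid in object_ids]


class StorageDevice:
    """Checks a capability locally: tag, object binding, rights, expiry."""

    def __init__(self, device_key: bytes):
        self.device_key = device_key

    def authorize(self, cap: bytes, object_id: int, op: int, now=None) -> bool:
        if len(cap) != _BODY_LEN + _TAG_LEN:
            return False
        body, tag = cap[:_BODY_LEN], cap[_BODY_LEN:]
        expected = hmac.new(self.device_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # forged or altered
            return False
        cap_obj, rights, expiry = struct.unpack(_BODY, body)
        now = int(time.time() if now is None else now)
        return cap_obj == object_id and (rights & op) == op and now < expiry


def demo():
    """Constructed scenario: a 3-object file, one read capability each."""
    key = bytes(range(32))                    # constructed sample key
    fm, dev = FileManager(key), StorageDevice(key)
    caps = fm.issue_for_file([100, 101, 102], READ, ttl=60, now=1_000)
    ok = dev.authorize(caps[0], 100, READ, now=1_010)
    wrong_object = dev.authorize(caps[0], 101, READ, now=1_010)
    escalated = bytearray(caps[0])
    escalated[11] |= WRITE                    # low byte of the rights field
    forged = dev.authorize(bytes(escalated), 100, WRITE, now=1_010)
    expired = dev.authorize(caps[0], 100, READ, now=1_070)
    return ok, wrong_object, forged, expired


if __name__ == "__main__":
    print(demo())
```

The device's check is cheap (one HMAC) and needs no state beyond the shared key, which is what makes the model attractive; the cost sits entirely in issuance, because the binding to a single object id is what forces a client to hold one capability for every object a large file is composed of.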



5 Architecture for Protecting Critical Secrets in Microprocessors
Ruby B. Lee, Peter C. S. Kwan, John P. McGregor, Jeffrey Dwoskin, Zhenghong Wang
May 2005 ACM SIGARCH Computer Architecture News, Proceedings of the 32nd annual international symposium on Computer Architecture ISCA '05, volume 33 Issue 2

Publisher: IEEE Computer Society, ACM Press

We propose "secret- protected (SP)" architecture to enable secure and convenient 
protection of critical secrets for a given user in an on-line environment. Keys are 
examples of critical secrets, and key protection and management is a fundamental 
problem, often assumed but not solved, underlying the use of cryptographic protection 
of sensitive files, messages, data and programs. SP-processors contain a minimalist set of 
architectural features that can be built into a general-purpose microprocess ... 

6 Cryptographic storage security: Key management for multi-user encrypted databases
Ernesto Damiani, S. De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, Stefano Paraboschi, Pierangela Samarati

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press
Database outsourcing is becoming increasingly popular, introducing a new paradigm, 
called database-as-a-service (DAS), where an organization's database is stored at an 
external service provider. In such a scenario, access control is a very important issue, 
especially if the data owner wishes to publish her data for external use. In this paper, we 
first present our approach for the implementation of access control through selective 
encryption. The focus of the paper is then the presentation ... 

Keywords: encrypted/indexing databases, hierarchical key derivation schema, selective 
access 
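The selective-encryption idea in the abstract, resources encrypted under different keys with each user handed exactly one key, needs a way for a user to reach the keys of every resource she may read without the owner handing out one key per resource. The following is an added example, not the authors' code: a key derivation graph with public tokens t(i,j) = k_j XOR H(k_i, j), so that holding k_i lets you derive k_j while the token alone reveals nothing. Grouping resources by identical access list, the vertex labels and HMAC-SHA256 as H are my own choices; the example does not claim to reproduce the paper's exact hierarchy.

```python
"""Selective encryption via a key derivation graph with public tokens.

Added example. Vertices hold secret keys; a public token on edge i -> j is
t = k_j XOR H(k_i, j), so anyone holding k_i derives k_j and nobody else
learns anything from t. Labels, grouping rule and H are my assumptions.
"""
import hashlib
import hmac
import secrets


def h(key: bytes, label: str) -> bytes:
    return hmac.new(key, label.encode(), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class KeyGraph:
    def __init__(self):
        self.keys = {}      # vertex -> 32-byte key (owner keeps these secret)
        self.tokens = {}    # (src, dst) -> public token, stored with the data

    def add_vertex(self, name: str) -> None:
        self.keys[name] = secrets.token_bytes(32)

    def add_edge(self, src: str, dst: str) -> None:
        self.tokens[(src, dst)] = xor(self.keys[dst], h(self.keys[src], dst))


def derive(start: str, start_key: bytes, tokens: dict) -> dict:
    """Everything reachable from one key using only the public token table."""
    reach, frontier = {start: start_key}, [start]
    while frontier:
        v = frontier.pop()
        for (src, dst), t in tokens.items():
            if src == v and dst not in reach:
                reach[dst] = xor(t, h(reach[v], dst))
                frontier.append(dst)
    return reach


def build(acl: dict) -> tuple:
    """acl: resource -> set of users allowed to read it.
    One key per distinct access list (resources with the same readers share
    a key), one key per user, and an edge from each user to every group she
    belongs to. Returns (graph, resource -> group vertex)."""
    g = KeyGraph()
    for user in sorted({u for users in acl.values() for u in users}):
        g.add_vertex(user)
    groups = {}
    for res, users in acl.items():
        grp = "grp:" + ",".join(sorted(users))
        if grp not in g.keys:
            g.add_vertex(grp)
            for u in users:
                g.add_edge(u, grp)
        groups[res] = grp
    return g, groups


def readable(user: str, g: KeyGraph, groups: dict) -> set:
    """Resources whose key the user can derive: the owner's check that the
    published tokens implement exactly the ACL and nothing more."""
    reach = derive(user, g.keys[user], g.tokens)
    return {r for r, grp in groups.items() if reach.get(grp) == g.keys[grp]}
```

Only the token table is stored at the provider; revoking a user means re-keying the groups she belonged to and republishing those tokens, which is the part of key management the paper's hierarchy is designed to keep cheap.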



7 Data protection: Searchable symmetric encryption: improved definitions and efficient constructions
Reza Curtmola, Juan Garay, Seny Kamara, Rafail Ostrovsky

October 2006 Proceedings of the 13th ACM conference on Computer and communications security CCS '06
Publisher: ACM Press

Searchable symmetric encryption (SSE) allows a party to outsource the storage of its data 
to another party (a server) in a private manner, while maintaining the ability to 
selectively search over it. This problem has been the focus of active research in recent 
years. In this paper we show two solutions to SSE that simultaneously enjoy the following 
properties: 

1. Both solutions are more efficient than all previous constant-round schemes. In 
particular, the work performed by the server per r ... 

Keywords: multi-user, searchable encryption, searchable symmetric encryption, 
security definitions 
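As an added example (mine, not the construction from the paper), a minimal single-keyword SSE in the encrypted inverted-index style the abstract describes: the client keeps one master key, the server stores only PRF labels and encrypted posting lists, and a search is a deterministic label lookup. The subkey derivation, the padding of every list to a common length and the dummy entry are my simplifications; what the server still learns (which label was queried, and which ids came back) is the kind of leakage the paper's security definitions are framed around.

```python
"""Toy single-keyword searchable symmetric encryption (inverted-index style).

Added example. Layout: label = F_k1(w) -> posting list of document ids,
each id masked with a per-keyword key F_k2(w). Subkey labels, the padding
rule and DUMMY are my choices, not the paper's construction.
"""
import hashlib
import hmac
import secrets
import struct

DUMMY = 0xFFFFFFFF   # padding id, never a real document


def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def keygen() -> bytes:
    return secrets.token_bytes(32)


def _subkeys(k: bytes):
    return prf(k, b"label"), prf(k, b"value")


def _pad(vkey: bytes, i: int) -> bytes:
    """4-byte mask for position i of a posting list."""
    return prf(vkey, struct.pack(">I", i))[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_index(k: bytes, documents: dict) -> dict:
    """documents: {doc_id: iterable of keywords} -> {label: [masked ids]}.
    Every posting list is padded to the longest one so the stored index
    does not reveal per-keyword frequencies before any search."""
    k1, k2 = _subkeys(k)
    inverted = {}
    for doc_id, words in documents.items():
        for w in set(words):
            inverted.setdefault(w, []).append(doc_id)
    width = max(len(ids) for ids in inverted.values())
    index = {}
    for w, ids in inverted.items():
        vkey = prf(k2, w.encode())
        padded = ids + [DUMMY] * (width - len(ids))
        index[prf(k1, w.encode())] = [
            _xor(struct.pack(">I", d), _pad(vkey, i)) for i, d in enumerate(padded)]
    return index


def trapdoor(k: bytes, word: str) -> tuple:
    """Client side: the only thing sent to the server per query."""
    k1, k2 = _subkeys(k)
    return prf(k1, word.encode()), prf(k2, word.encode())


def search(index: dict, td: tuple) -> list:
    """Server side. It learns the label (repeated queries for one word look
    identical: search pattern) and the ids it returns (access pattern), but
    not the word, and nothing about keywords that are never searched."""
    label, vkey = td
    result = []
    for i, c in enumerate(index.get(label, [])):
        d = struct.unpack(">I", _xor(c, _pad(vkey, i)))[0]
        if d != DUMMY:
            result.append(d)
    return sorted(result)
```

Each search costs the server one dictionary lookup plus one PRF evaluation per entry of the matching list, with no work proportional to the whole document set; the price is that the masks are position-bound, so adding a document to a list means re-masking that list (an update problem this static construction does not address).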



8 General storage protection techniques: Ensuring data integrity in storage: techniques and applications
Gopalan Sivathanu, Charles P. Wright, Erez Zadok

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press

Data integrity is a fundamental aspect of storage security and reliability. With the advent 
of network storage and new technology trends that result in new failure modes for 
storage, interesting challenges arise in ensuring data integrity. In this paper, we discuss 
the causes of integrity violations in storage and present a survey of integrity assurance 
techniques that exist today. We describe several interesting applications of storage 
integrity checking, apart from security, and discuss the im ... 

Keywords: file systems, intrusion detection, storage integrity 
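One distinction the survey's subject turns on is what an integrity check is meant to catch: an unkeyed checksum detects accidental corruption, but anyone who can write the block can recompute it, whereas a keyed MAC bound to the block number also catches deliberate modification and block swapping. The following is an added example, mine rather than the authors', using a constructed in-memory block store to show the two checks disagreeing:

```python
"""Checksum versus keyed MAC for block integrity in a toy block store.

Added example; store layout, key and names are my own. CRC32 answers
"did this block change by accident?"; an HMAC bound to the block number
answers "did someone without the key change or move it?".
"""
import hashlib
import hmac
import struct
import zlib


class BlockStore:
    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.blocks = {}                 # block_no -> (data, crc32, tag)

    def _tag(self, block_no: int, data: bytes) -> bytes:
        # binding the block number stops a valid record being moved elsewhere
        return hmac.new(self.mac_key, struct.pack(">Q", block_no) + data,
                        hashlib.sha256).digest()

    def write(self, block_no: int, data: bytes) -> None:
        self.blocks[block_no] = (data, zlib.crc32(data), self._tag(block_no, data))

    def read(self, block_no: int):
        """Returns (data, crc_ok, mac_ok) so callers can tell the two apart."""
        data, crc, tag = self.blocks[block_no]
        crc_ok = zlib.crc32(data) == crc
        mac_ok = hmac.compare_digest(tag, self._tag(block_no, data))
        return data, crc_ok, mac_ok


# Three ways a stored block can go wrong. All touch the raw records directly,
# bypassing write(), as a faulty medium or an attacker with disk access would.

def bit_rot(store: BlockStore, block_no: int) -> None:
    """Medium fault: one bit flips, checksum and tag are left as they were."""
    data, crc, tag = store.blocks[block_no]
    store.blocks[block_no] = (bytes([data[0] ^ 0x01]) + data[1:], crc, tag)


def tamper(store: BlockStore, block_no: int, new_data: bytes) -> None:
    """Attacker rewrites the data and recomputes the unkeyed checksum."""
    _, _, tag = store.blocks[block_no]
    store.blocks[block_no] = (new_data, zlib.crc32(new_data), tag)


def swap(store: BlockStore, dst: int, src: int) -> None:
    """Attacker copies an intact record from src into slot dst."""
    store.blocks[dst] = store.blocks[src]


def demo():
    """Constructed scenario: four blocks, three failure modes, one untouched."""
    s = BlockStore(b"\x42" * 32)          # constructed sample key
    for i, d in enumerate([b"alpha", b"beta", b"gamma", b"delta"]):
        s.write(i, d)
    bit_rot(s, 0)
    tamper(s, 1, b"BETA!")
    swap(s, 2, 3)
    return {i: s.read(i)[1:] for i in range(4)}


if __name__ == "__main__":
    print(demo())
```

Block 1 is the case that matters for security: the checksum passes and only the MAC fails. One attack this per-block scheme does not catch is rollback, replacing a block with an older version of the same block, since the old tag is still valid for that block number; detecting that needs version counters or a tree of hashes over the whole store, which are among the techniques a survey like this one covers.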




9 A key distribution method for object-based protection
Warwick Ford, Michael J. Wiener

November 1994 Proceedings of the 2nd ACM Conference on Computer and communications security CCS '94
Publisher: ACM Press

In any scheme for protecting the confidentiality of data, selecting a key and encrypting 
the data is the easy part. The difficult part is controlling access to decryption keys. This 
becomes particularly significant with object-based protection, that is protection of an 
object, such as a file or a message, regardless of where the object is currently being 
stored or transferred within a distributed environment. An example of object-based 
protection is traditional electronic m ... 

10 Short papers - storage survivability: Toward securing untrusted storage without public-key operations
Dalit Naor, Amir Shenhav, Avishai Wool

November 2005 Proceedings of the 2005 ACM workshop on Storage security and survivability StorageSS '05
Publisher: ACM Press

Adding security capabilities to shared, remote and untrusted storage file systems leads to 
performance degradation that limits their use. Public-key cryptographic primitives, widely 
used in such file systems, are known to have worse performance than their symmetric 
key counterparts. In this paper we examine design alternatives that avoid public-key 
cryptography operations to achieve better performance. We present the trade-offs and 
limitations that are introduced by these substitutions. 

Keywords: network attached storage, secure file systems 



11 Intrusion detection and modeling: Augmenting storage with an intrusion response primitive to ensure the security of critical data
Ashish Gehani, Surendar Chandra, Gershon Kedem
March 2006 Proceedings of the 2006 ACM Symposium on Information, computer and communications security ASIACCS '06
Publisher: ACM Press

Hosts connected to the Internet continue to suffer attacks with high frequency. The use of 
an intrusion detector allows potential threats to be flagged. When an alarm is raised, 
preventive action can be taken. A primary goal of such action is to assure the security of 
the data stored in the system. If this operation is effected manually, the delay between 
the alarm and the response may be enough for an intruder to cause significant 
damage. The alternative proposed in this paper is to provide a re ... 

12 Cryptography and data security
Dorothy Elizabeth Robling Denning
January 1982 Book

Publisher: Addison-Wesley Longman Publishing Co., Inc.

From the Preface (See Front Matter for full Preface) 

Electronic computers have evolved from exiguous experimental enterprises in the 1940s 
to prolific practical data processing systems in the 1980s. As we have come to rely on 
these systems to process and store data, we have also come to wonder about their ability 
to protect valuable data. 

Data security is the science and study of methods of protecting data in computer and 
communication systems from unauthorized disclosure ... 
13 Decentralized storage systems: Farsite: federated, available, and reliable storage for an incompletely trusted environment
Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, Roger P. Wattenhofer
December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue SI

Publisher: ACM Press


Farsite is a secure, scalable file system that logically functions as a centralized file server 
but is physically distributed among a set of untrusted computers. Farsite provides file 
availability and reliability through randomized replicated storage; it ensures the secrecy of 
file contents with cryptographic techniques; it maintains the integrity of file and directory 
data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a 
distributed hint mechanism and delegatio ... 

14 Scaling security: Design, implementation and evaluation of security in iSCSI-based network storage systems
Shiva Chaitanya, Kevin Butler, Anand Sivasubramaniam, Patrick McDaniel, Murali Vilayannur
October 2006 Proceedings of the second ACM workshop on Storage security and survivability StorageSS '06
Publisher: ACM Press

This paper studies the performance and security aspects of the iSCSI protocol in a 
network storage based system. Ethernet speeds have been improving rapidly and network 
throughput is no longer considered a bottleneck when compared to Fibre-channel based 
storage area networks. However, when security of the data traffic is taken into 
consideration, existing protocols like IPSec prove to be a major hindrance to the overall 
throughput. In this paper, we evaluate the performance of iSCSI when deploye ... 

Keywords: IPSec, authentication, encryption, iSCSI 

15 Data protection: Attribute-based encryption for fine-grained access control of encrypted data
Vipul Goyal, Omkant Pandey, Amit Sahai, Brent Waters

October 2006 Proceedings of the 13th ACM conference on Computer and communications security CCS '06
Publisher: ACM Press

As more sensitive data is shared and stored by third-party sites on the Internet, there will 
be a need to encrypt data stored at these sites. One drawback of encrypting data, is that 
it can be selectively shared only at a coarse-grained level (i.e., giving another party your 
private key). We develop a new cryptosystem for fine-grained sharing of encrypted data 
that we call Key-Policy Attribute- Based Encryption (KP-ABE). In our cryptosystem, 
ciphertexts are labeled with sets of attributes and pri ... 

Keywords: access control, attribute-based encryption, audit logs, broadcast encryption, 
delegation, hierarchical identity-based encryption 

16 On the encipherment of search trees and random access files
R. Bayer, J. K. Metzger

March 1976 ACM Transactions on Database Systems (TODS), volume 1 issue 1
Publisher: ACM Press

The securing of information in indexed, random access files by means of privacy 
transformations must be considered as a problem distinct from that for sequential files. 
Not only must processing overhead due to encrypting be considered, but also threats to 
encipherment arising from updating and the file structure itself must be countered. A 
general encipherment scheme is proposed for files maintained in a paged structure in 
secondary storage. This is applied to the encipherment of indexes or ... 
Although cryptographic techniques are playing an increasingly important role in modern 
computing system security, user-level tools for encrypting file data are cumbersome and 
suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) 
pushes encryption services into the file system itself. CFS supports secure storage at the 
system level through a standard Unix file system interface to encrypted files. Users 
associate a cryptographic key with the directories ... 
Almost every few weeks there is some breaking news about some organization that has 
lost information via the physical loss of an unencrypted storage device. This paper 
reviews some alternatives for encrypting information on storage devices and how those 
alternatives might be used. The open source TrueCrypt system is covered in some detail. 
Some suggestions for information security policy guidelines are provided. From personal 
data to enterprise data, information security is becoming increasin ... 
Laptops are vulnerable to theft, greatly increasing the likelihood of exposing sensitive 
files. Unfortunately, storing data in a cryptographic file system does not fully address this 
problem. Such systems ask the user to imbue them with long-term authority for 
decryption, but that authority can be used by anyone who physically possesses the 
machine. Forcing the user to frequently reestablish his identity is intrusive, encouraging 
him to disable encryption. This tension between usability and secur ... 
There are two main issues concerning data security on networks: controlling access and 
the vulnerability of data communication links. A brief introduction to the various 
techniques which may be applied to these concerns is given in this paper. 